Many virus attacks aren't really exploiting weaknesses in your operating sytem: they're simply tricking you into telling the OS to do things that it shouldn't do. The OS is just doing its job, executing code when you say so. Researchers at HP Labs are working on a solution to this problem using the Principle of Least Authority, or POLA -- "limiting the rights of each program to only the ones needed for the job the user wants done"

Did these guy hear about Word macro viruses? That type of viruses which only "edits" the document you have open and nothing else.

Hence the term "Principle of Least Authority". Would you rather have your Word documents "edited" or the whole user home/harddrive? Your Word documents would qualify for the "least authority" criteria. Your Word program wouldn't really be that usable if it could not edit Word files...